Wow, just checked my spam for my Grapl email and it's wild. I wonder if all of these companies offering their services realize that their emails are being automatically sent to spam.
Conversation
Replying to
For the GrapheneOS mail server, we enforce strict SPF (reject on hard or soft fail), DKIM (reject on errors such as DKIM signed but missing record) and DMARC along with only accepting mail via TLS. Eliminates nearly all spam. Fine with missing mail from broken servers.
2
4
Occasionally some marketing spam making it through and if it appears to be in an official capacity, I add their domain to a list of entirely rejected ones.
Also, enforcing some basic rules on header / HELO validity, etc.
Haven't needed PTR checks, graylisting, spam filtering.
2
1
Nearly all of it was killed by rejecting mail not sent via TLS and before doing that I checked and verified that there was not a single non-spam email sent without TLS for the initial couple years of having the domain.
Enforcing DKIM does reject some non-spam mail. Rest doesnt.
1
1
Typical issue with DKIM is that people use G Suite or something similar which DKIM signs their email and then the DKIM verifier gets an error looking up the DNS record because they didn't add it per the instructions.
I'm fine with rejecting it until they fix it though. *shrug*
1
1
Prefer being contacted via Matrix than email anyway. I'm tempted to set up a filter that automatically rejects PGP signed emails and tells people how to contact me via Matrix because I don't want to use PGP anymore particularly imported new previously unknown keys into it.